Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 8a78fd4d authored by Svetoslav Ganov's avatar Svetoslav Ganov
Browse files

AccessibilityEvent/AccessibilityNodeInfo class name property should be set to... 

AccessibilityEvent/AccessibilityNodeInfo class name property should be set to only framework classes.

AccessibilityEvent and AccessibilityNodeInfo have a property className which is set to the source
Java class. This is problematic since leads to leaking private classes which would allow an
accessibility service to load classes from other packages. This is strongly undesirable since
not trusted code can be loaded, and hence executed, in the accessibility service. To address
that the class name is set to the most concrete framework class extended by the info/event
source.

bug:5878943

Change-Id: I7b3114ece8772ea2773f5151e21b8a6f2006882a
parent 32313b16
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment